diff options
| author | Yogesh Siraswar <yogeshs@ti.com> | 2021-11-18 05:12:13 +0000 |
|---|---|---|
| committer | Praneeth Bajjuri <praneeth@ti.com> | 2021-11-17 18:40:27 -0600 |
| commit | 081b693cf741b8b2d85ae618f10263432727d296 (patch) | |
| tree | 2561d8d1df2b9dce5c4da30d71c93ad2bd0e7a5b /tools | |
| parent | 4198f8b93b565150562f9d3af2dde37a016fe77a (diff) | |
k3_gen_x509_cert: Make SWRV configurable for anti-rollback protection
The x509 certificate SWRV is currently hard-coded to 0. This need to be
updated to 1 for j721e 1.1, j7200 and am64x. It is don't care for other
k3 devices.
Added new config K3_X509_SWRV to k3. Default is set to 1.
Signed-off-by: Yogesh Siraswar <yogeshs@ti.com>
Reviewed-by: Dave Gerlach <d-gerlach@ti.com>
Diffstat (limited to 'tools')
| -rwxr-xr-x | tools/k3_gen_x509_cert.sh | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/tools/k3_gen_x509_cert.sh b/tools/k3_gen_x509_cert.sh index 298cec1313..24cfc4e5fb 100755 --- a/tools/k3_gen_x509_cert.sh +++ b/tools/k3_gen_x509_cert.sh @@ -13,6 +13,7 @@ LOADADDR=0x41c00000 BOOTCORE_OPTS=0 BOOTCORE=16 DEBUG_TYPE=0 +SWRV=1 gen_degen_template() { cat << 'EOF' > degen-template.txt @@ -70,7 +71,7 @@ cat << 'EOF' > x509-template.txt shaValue = FORMAT:HEX,OCT:TEST_IMAGE_SHA_VAL [ swrv ] - swrv = INTEGER:0 + swrv = INTEGER:TEST_SWRV # [ encryption ] # initalVector = FORMAT:HEX,OCT:TEST_IMAGE_ENC_IV @@ -153,8 +154,9 @@ options_help[o]="output_file:Name of the final output file. default to $OUTPUT" options_help[c]="core_id:target core id on which the image would be running. Default to $BOOTCORE" options_help[l]="loadaddr: Target load address of the binary in hex. Default to $LOADADDR" options_help[d]="debug_type: Debug type, set to 4 to enable early JTAG. Default to $DEBUG_TYPE" +options_help[r]="SWRV: Software Rev for X509 certificate" -while getopts "b:k:o:c:l:d:h" opt +while getopts "b:k:o:c:l:d:h:r:" opt do case $opt in b) @@ -175,6 +177,9 @@ do d) DEBUG_TYPE=$OPTARG ;; + r) + SWRV=$OPTARG + ;; h) usage exit 0 @@ -230,6 +235,7 @@ gen_cert() { #echo " IMAGE_SIZE = $BIN_SIZE" #echo " CERT_TYPE = $CERTTYPE" #echo " DEBUG_TYPE = $DEBUG_TYPE" + echo " SWRV = $SWRV" sed -e "s/TEST_IMAGE_LENGTH/$BIN_SIZE/" \ -e "s/TEST_IMAGE_SHA_VAL/$SHA_VAL/" \ -e "s/TEST_CERT_TYPE/$CERTTYPE/" \ @@ -237,6 +243,7 @@ gen_cert() { -e "s/TEST_BOOT_CORE/$BOOTCORE/" \ -e "s/TEST_BOOT_ADDR/$ADDR/" \ -e "s/TEST_DEBUG_TYPE/$DEBUG_TYPE/" \ + -e "s/TEST_SWRV/$SWRV/" \ x509-template.txt > $TEMP_X509 openssl req -new -x509 -key $KEY -nodes -outform DER -out $CERT -config $TEMP_X509 -sha512 } |